Frequently Used OSINT Tools

Tools I regularly use for investigations, analysis, and research.

These tools support phishing analysis, malware investigation, infrastructure reconnaissance, and threat validation.

Tool Descriptions

  • CyberChef – Decodes, encodes, hashes, and transforms data artifacts during investigations.
  • urlscan.io – Analyzes URLs to reveal redirects, scripts, trackers, and malicious behavior.
  • VirusTotal – Aggregates antivirus engines and intelligence sources to analyze files, URLs, IPs, and domains.
  • MXToolbox – Examines DNS records, email infrastructure, blacklists, and mail server health.
  • AbuseIPDB – Checks IP reputation using community-sourced abuse reports.
  • ANY.RUN – Interactive malware sandbox for real-time behavioral analysis of suspicious files and URLs.
  • CentralOps – Performs WHOIS, DNS, traceroute, and network infrastructure lookups.
  • IPQS (IP Quality Score) – Detects fraud, VPNs, proxies, bots, and abusive IP addresses.
  • SquareX – Isolates and inspects suspicious web content in a secure browser environment.
  • WPScan – Identifies WordPress vulnerabilities, insecure plugins, and misconfigurations.
  • Burp Suite – Intercepts and analyzes web application traffic for security testing.
  • Wireshark – Captures and inspects network traffic at the packet level.
  • Nessus – Scans systems for vulnerabilities, misconfigurations, and missing patches.
  • Zeek – Monitors network traffic and generates high-level security logs.
  • RITA – Detects command-and-control and beaconing patterns using Zeek logs.
  • Aircrack-ng – Audits and tests wireless network security.
  • OpenVAS – Open-source vulnerability assessment and scanning platform.
  • Metasploit – Validates vulnerabilities through controlled exploitation.
  • IDA – Disassembles and analyzes compiled binaries and malware.
  • Kali Linux – Penetration testing distribution containing a wide range of security and OSINT tools.